by eggsurplus

Control what your users can access and save time, money, and frustrations. Lock down sensitive data in SugarCRM or SuiteCRM to specific groups or teams. Supports unlimited assigned users, unlimited group assignments to records, custom layouts for each group, login/sudo capabilities and much more.

Free Trial

By clicking you consent to share your profile with the developer

#4419 - Deny precede Allow rule!

In Progress General Question created by it12 4 years ago

Hello,

I was trying to create a two security groups and limit the access to the certain module for the second one but allow on the first one. The problem is they were suppose to share let's say Leads without restrictions but one should not be accessing Notes and the other should?

How can I accomplish this using Security Suite rules? I have tried all that I could think of including not inheritable option, setting primary group. It seems that when you add second group regardless of what were the settings of the first group, the rules in Roles of the first group are precede by that second group.

If we can set that Deny always precede Allow rule regardless of how many groups one user is a member of, that could be great for accomplishing this scenario.

Looking forward to your reply.

Best Regards,

Slaven.

  1. eggsurplus member avatar

    eggsurplus Provider Affiliate

    4 years ago

    Hi Slaven,

    What it sounds like you might need in this case is the Strict Rights option: https://www.sugaroutfitters.com/docs/securitysuite/options.

    This will mean that the roles from the group assigned to a record will take precedence. You may also want to consider turning off the Additive Rights setting if you want the most restrictive rights to take precedence, but that doesn't sound like that is wanted, in general.

  2. it12 member avatar

    it12

    4 years ago

    Thank you very much, that does it. Turning off additive right and enabling strict is just what I need in this case.

    Best Regards,

    Slaven.

  3. it12 member avatar

    it12

    4 years ago

    One more update, it really did help, but messed up all other relationships in between our documents upload and users who can access them. Is it possible that we can turn on strict rules per group that we need?

    Thank you.

  4. it12 member avatar

    it12

    4 years ago

    Maybe I should explained what is the problem with strict rights more detailed...when we upload document using External tool there is a special group that has rights for that External tool account with allow on all rules on Accounts and Notes module. With Additive rules we can search through Accounts, with strict one we can't.

This case is public. Please leave out any sensitive information such as URLs, passwords, etc.
Saving Comment Saving Comment...
Rating
Rating
  • "It is not working. Below error is coming. "Specified directory '' for zip file 'upload://6.5.24_SecuritySuite_v3.1.12.zip' extraction does not exist."" - MaxMobility

    Read More Reviews